Re: Re:

BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:04 AM
I've already posted a thread in Roblox Talk that got 600 views and 4 pages. Out of dozens of idiots I found someone useful.

Anyway we are looking for mostly website oriented exploits and glitches.
We're trying to find and replicate the things nikayah and aeacus and nate2800 used to do.
We prefer if you have knowledge with

Fiddler2
Programming
Understand code
And experience with exploits (No I don't mean a youtube video you found on how to hack insertgamehere >_>)
I mean experience with finding your own exploits but if you know programming and fiddler2 shiz I guess that's good enough.


Add me on xfire: kidnomorroblox

We already have a hunch.
:)
Report Abuse
ArceusInator is not online. ArceusInator
Joined: 10 Oct 2009
Total Posts: 30553
28 Jul 2012 12:05 AM
inb4ban
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:05 AM
Btw I've already got a team of 5 so far. 3 really nice programmers in it.

I'm sure you know them but I'm not leaking their names out.
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:06 AM
@ArceusInator

Sure. Why not? Add it to the list.
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
28 Jul 2012 12:06 AM
I meet all the criteria but hacking ROBLOX is really dumb.
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:07 AM
It's actually really easy as well.

Well it used to be at least :)
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:09 AM
Actually it still is ._.
Report Abuse
mew903 is not online. mew903
Joined: 03 Aug 2008
Total Posts: 22071
28 Jul 2012 12:10 AM
> Fiddler2

I've seen that too many times today q__q
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:13 AM
@mew903

In regards to what?
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
28 Jul 2012 12:13 AM
"We're trying to find and replicate the things nikayah and aeacus and nate2800 used to do."

I also did exploiting with them back in the day, and I can tell you that we did not do anything that interesting, just renaming players and making assets that popped up alerts when viewed mostly.

The exploits for that stuff are not possible anymore, the security is _very_ much more locked down now than it was then, mostly thanks to us finding and reporting all that stuff.

Plus soon enough replication filtering will be out and you really won't be able to do anything towards well constructed games.
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:14 AM
Excuse my rotarded English
I mean where?
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:16 AM
@stravant

I am aware that most of it isn't possible.
We're still looking for onsite stuff.


And I'm guessing XML inside t-shirts was patched?
Report Abuse
mew903 is not online. mew903
Joined: 03 Aug 2008
Total Posts: 22071
28 Jul 2012 12:18 AM
I told Sorcus a minor XSS problem in the site today, but it didn't seem that big of a threat to me.
Report Abuse
mustyoshi is not online. mustyoshi
Top 50 Poster
Joined: 27 Dec 2007
Total Posts: 41651
28 Jul 2012 12:19 AM
@xLEGOx
Then why was I able to post comments to uncommentable places simply by copying the comment form from one page to another?
ROBLOX makes too many assumptions when it comes to the sanitizedness of their input.
They always overlook stuff.
They still haven't patched the root cause of why I was able to force players to buy items by joining my game, and recently changing their statuses. Both times I reported it, I told them what they needed to fix, and both times they merely added event validation instead of fixing the real problem.

~Monica
Report Abuse
LocalChum is not online. LocalChum
Joined: 04 Mar 2011
Total Posts: 6906
28 Jul 2012 12:19 AM
title fix
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
28 Jul 2012 12:20 AM
"Then why was I able to post comments to uncommentable places simply by copying the comment form from one page to another?"

Probably a low priority fix since that's a harmless bug. Most of the actual exploitable XSS has been patched.
Report Abuse
mustyoshi is not online. mustyoshi
Top 50 Poster
Joined: 27 Dec 2007
Total Posts: 41651
28 Jul 2012 12:22 AM
If I had written it, I would have checked the ID of the place against the database to make sure commenting was enabled. The devs didn't think it was necessary, and now people think I paid people to close comments after I posted them. I paid the ultimate price.

~Monica
Report Abuse
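The check described in the post above, as an added example that is not part of the thread and is not Roblox's code: a handler that trusts any submitted comment form, beside one that looks the place up in the database on every request. The `places`/`comments` tables, the function names and the sample rows are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: place 1 allows comments, place 2 does not.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE places (id INTEGER PRIMARY KEY, comments_enabled INTEGER NOT NULL);
        CREATE TABLE comments (place_id INTEGER, author TEXT, body TEXT);
        INSERT INTO places VALUES (1, 1), (2, 0);
    """)
    return db

def post_comment_trusting(db, form, user):
    """'Before': assumes the form is only ever rendered on commentable pages."""
    db.execute("INSERT INTO comments VALUES (?, ?, ?)",
               (form["place_id"], user, form["body"]))
    return 200

def post_comment_checked(db, form, user):
    """'After': re-derives the permission from the database, not from the page."""
    try:
        place_id = int(form["place_id"])
    except (KeyError, TypeError, ValueError):
        return 400  # missing or malformed place ID
    body = form.get("body", "")
    if not isinstance(body, str) or not body.strip():
        return 400  # empty or non-text comment
    row = db.execute(
        "SELECT comments_enabled FROM places WHERE id = ?", (place_id,)).fetchone()
    if row is None:
        return 404  # no such place
    if not row[0]:
        return 403  # commenting is disabled for this place
    db.execute("INSERT INTO comments VALUES (?, ?, ?)", (place_id, user, body))
    return 201

def comment_count(db, place_id):
    return db.execute(
        "SELECT COUNT(*) FROM comments WHERE place_id = ?", (place_id,)).fetchone()[0]
```

The point of the second handler is that the decision lives next to the write, so it holds no matter which page or tool produced the request.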
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
28 Jul 2012 12:22 AM
most of the "exploits" out there are pretty much harmless.
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:24 AM
"Most of the actual exploitable XSS has been patched."


Dreams crushed.
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:25 AM
If you couldn't tell that was sarcasm then.

I don't know.
Report Abuse
Seranok is not online. Seranok
Joined: 12 Dec 2009
Total Posts: 11083
28 Jul 2012 12:26 AM
I know of a few XSS that are unpatched but they are pretty much utterly useless, not worth the devs' time in fixing them.
Report Abuse
stravant is not online. stravant
Forum Moderator
Joined: 22 Oct 2007
Total Posts: 2893
28 Jul 2012 12:26 AM
"If I had written it, I would have checked the ID of the place against the database to make sure commenting was enabled."

It's obviously not that simple. If you look at any non-trivial site's code there's usually many layers of framework between getting the raw data from the request and actually processing it with your written code.

It may be a sign of bad framework design if those things are getting through, but it's certainly not plain negligence.
Report Abuse
mustyoshi is not online. mustyoshi
Top 50 Poster
Joined: 27 Dec 2007
Total Posts: 41651
28 Jul 2012 12:28 AM
True, I have not worked with whatever framework they use. But I still feel like at the very bottom it should have checked.

~Monica
Report Abuse
BloxHound is not online. BloxHound
Joined: 30 Oct 2009
Total Posts: 403
28 Jul 2012 12:30 AM
Any ideas on how fluffy got p4sswoods via a friend request?

We already have some ideas.
Report Abuse
mustyoshi is not online. mustyoshi
Top 50 Poster
Joined: 27 Dec 2007
Total Posts: 41651
28 Jul 2012 12:34 AM
I still think he didn't get passes.
ROBLOX wouldn't store them in plaintext, they're not that stupid.

~Monica
Report Abuse